ID CVE-2007-1710
Summary The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a filename preceded by a "php://../../" sequence.
References
Vulnerable Configurations
  • PHP 4.4.4 -
    cpe:2.3:a:php:php:4.4.4
  • PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.2.1 -
    cpe:2.3:a:php:php:5.2.1
CVSS
Base: 4.3 (as of 28-03-2007 - 21:55)
Impact:
Exploitability:
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: SINGLE_INSTANCE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
exploit-db via4
id EDB-ID:3573
nessus via4
NASL family CGI abuses
NASL id PHP_4_4_7_OR_5_2_2.NASL
description According to its banner, the version of PHP installed on the remote host is older than 4.4.7 / 5.2.2. Such versions may be affected by several issues, including buffer overflows in the GD library.
last seen 2019-02-21
modified 2018-07-24
plugin id 25159
published 2007-05-04
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25159
title PHP < 4.4.7 / 5.2.2 Multiple Vulnerabilities
refmap via4
exploit-db 3573
hp
  • HPSBMA02215
  • HPSBTU02232
  • SSRT071423
  • SSRT071429
secunia
  • 25423
  • 25850
vupen
  • ADV-2007-1991
  • ADV-2007-2374
statements via4
contributor Mark J Cox
lastmodified 2007-04-17
organization Red Hat
statement We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Last major update 03-08-2013 - 02:17
Published 26-03-2007 - 21:19
Last modified 10-10-2017 - 21:31